WASHINGTON — Identity theft is the fastest-growing crime in America, and the theft of medical identities is a key part of the problem. Once a crook has that insurance card, Medicare or Medicaid number, investigators say, it is fairly simple to bill for fictitious services rendered.
An estimated 313,000 Americans will have their medical identities stolen this year, according to a recent study by the Michigan-based Ponemon Institute, bringing the total number in the last few years to 1.84 million.
Those numbers can be doubled overnight if hackers break into the quickly growing medical databases around the country. U.S. hospitals and medical centers have been hit by 56 hacking attacks in the last four years. A hacker traced to Romania lifted identities and other information from 780,000 patients in Utah’s Medicaid files in 2012.
“Medical identity theft has the potential to impede your medical treatment and the potential to kill you,” said Robin Slade of the Medical Identity Fraud Alliance. “A thief using your identity may have a different blood type, or not have the same allergies. It’s a fraud that causes your medical record to get contaminated by a perpetrator.”
Often the thefts start small. CEO Larry Ponemon of the Ponemon Institute said about a third of the people whose identities are stolen have admitted that they shared the information with a family member or a friend who lacked health insurance.
“It’s looked on as a Robin Hood crime, where a family member in need takes the ID and is treated for an illness,” Ponemon said.
The resulting treatment goes into the record of the ID owner, however, where it can complicate future medical care — and create expensive liabilities.
“Customer liability is limited in credit card fraud, but nothing like that exists in the health care space,” Ponemon said.
People working in doctor’s offices or hospitals have downloaded patient identities onto thumb drives to enrich themselves by selling the information on black markets — on the street or in Internet chat rooms.
A federal judge in Florida became a witness for the prosecution after his medical identity was stolen this way and used to file insurance claims for two prosthetic legs. The judge testified that he had not made the claims because he had both of his legs.
Medical ID thieves don’t need wealthy targets to pull off lucrative scams. People with Medicaid or Medicare numbers are attractive as well. One of the biggest alleged Medicare frauds involved a Dallas nurse who recruited medical identities from homeless people at The Bridge shelter.
What worries federal and private insurance investigators most, however, are hackers. Seven thousand patient identities were compromised last year by a hacker at the University of Houston’s College of Optometry. In 2010, a hacker broke into the University of Texas at Arlington’s Office of Health Services data. The names, addresses, diagnostic codes and medications of an estimated 27,000 students were affected.
The Utah Medicaid hacking was the biggest so far. A hacker broke into the state’s Medicaid server and took files containing 280,000 Social Security numbers, and names, addresses and so forth on an estimated half a million other state residents.
The break-in was traced to an Internet address in Romania, but there the trail went cold, said Tom Hudachko, a spokesman for the Utah Department of Health.
Utah set up a special response office for anyone who detected suspicious activity in their medical records and a new state office of health data security. So far, however, no one has been detected using the stolen information, Hudachko said.
To make sure they haven’t been victimized, consumers should check their medical records and watch their insurance statements for any strange activity.
“It can be so easy to steal this information, and it can take so long to discover it, that tens of thousands of fake medical claims can get paid before anybody gets wise,” said Jim Quiggle, communications director for the Coalition Against Insurance Fraud, an industry group.